[security bulletin] HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Inf
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04378799

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04378799
Version: 1

HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-07-23
Last Updated: 2014-07-23

Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.

References:

CVE-2010-5298 Remote Denial of Service
CVE-2014-0076 Unauthorized Disclosure of Information
CVE-2014-0195 Remote Unauthorized Access
CVE-2014-0198 Remote Denial of Service
CVE-2014-0221 Remote Denial of Service (DoS)
CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information
CVE-2014-3470 Remote Code Execution or Unauthorized Access
SSRT101647

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Insight Control server migration v7.2.2, v7.3, v7.3.1, and v7.3.2

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference        Base Vector                     Base Score
  CVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)    4.0
  CVE-2014-0076    (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
  CVE-2014-0195    (AV:N/AC:M/Au:N/C:P/I:P/A:P)    6.8
  CVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
  CVE-2014-0221    (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
  CVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)    6.8
  CVE-2014-3470    (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
===
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following updates to v7.3.2 of HP Insight Control server migration to resolve these vulnerabilities by upgrading to version 7.3.3. Please note that version 7.3.3 of HP Insight Control server migration is included on the HP Insight Management 7.3 Update 2 DVD.

HP has provided the installation binaries for download from the following web site by using the Receive for free option:

http://h18013.www1.hp.com/products/servers/management/fpdownload.html

Customers using HP Insight Control server migration v7.2.2 must first upgrade from v7.2.2 to v7.3 by using the HP Insight Management v7.3 DVD, and then upgrade to v7.3.3 by using the HP Insight Management v7.3 Update 2 DVD.

Customers running HP Insight Control server migration v7.3, v7.3.1, or v7.3.2, can use the HP Insight Control server migration v7.3 Update 2 DVD to complete the upgrade.

For more information on the upgrade process, please refer to the HP Insight Management Installation and Upgrade Guide and Release notes, which are available at the following location:

http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/index.aspx?cat=insightmanagement

NOTE: The upgrade paths described above update the entire HP Insight Control software stack. To upgrade HP Insight Control server migration only, complete the following steps:

- Copy hpsmp.exe to the local machine from the HP Insight Management v7.3.0 Update 2 DVD ISO.
- Create batch file with the following commands:

    @echo off
    hpsmp.exe /verysilent /SVCPATCH=Install_Through_Patch

- Copy the batch file to the folder where hpsmp.exe normally resides on the target system.
- Double click on the batch file.

The HP Insight Control server migration installation starts in a command prompt. The command prompt closes when the installation finishes. After the installation completes it creates a log file (ICmigr.log) and an output file (ICmigroutput.xml) on the target system.

Do not close or click on the command prompt while the process is completing.
Do not run the command prompt in the background.

HISTORY
Version:1 (rev.1) - 23 July 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com
Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
Hi @ll,

the import function of Windows Mail executes a rogue program C:\Program.exe with the credentials of another account, resulting in a privilege escalation!

1. Fetch http://home.arcor.de/skanthak/download/SENTINEL.EXE and save it as C:\Program.exe
2. Start Windows Mail (part of Windows Vista and Windows Server 2008)
3. On the File menu, click Identities
4. On the entry page of the wizard click [ Continue ]
5. Select (*) Import identities of other Windows account and click [ Continue ]
6. Enter account name and password of any Windows account
7. See the message from C:\Program.exe when Windows Mail runs the UNQUOTED command line
   C:\Program Files\Windows Mail\WinMail.Exe /identcatalog

From http://msdn.microsoft.com/library/cc144175.aspx or http://msdn.microsoft.com/library/cc144101.aspx:

| Note: If any element of the command string contains or might contain
| spaces, it must be enclosed in quotation marks. Otherwise, if the
| element contains a space, it will not parse correctly. For instance,
| "My Program.exe" starts the application properly. If you use
| My Program.exe without quotation marks, then the system attempts to
| launch My with Program.exe as its first command line argument.

From http://msdn.microsoft.com/en-us/ms682425.aspx:

| Security Remarks
|
| The lpApplicationName parameter can be NULL, and the executable name
| must be the first white space-delimited string in lpCommandLine.
| If the executable or path name has a space in it, there is a risk that
| a different executable could be run because of the way the function
| parses spaces. Avoid the following example, because the function
| attempts to run Program.exe, if it exists, instead of MyApp.exe.
...
| If a malicious user were to create an application called Program.exe
| on a system, any program that incorrectly calls CreateProcess using
| the Program Files directory will run this application instead of the
| intended application.
|
| To avoid this problem, do not pass NULL for lpApplicationName.
| If you do pass NULL for lpApplicationName, use quotation marks around
| the executable path in lpCommandLine, as shown in the example below.

Long filenames were introduced 20 years ago, but M$FTs developers still can't handle them properly, and their QA is unable to detect such silly and trivial to spot bugs!

regards
Stefan Kanthak

PS: yes, it needs administrative privileges to write C:\Program.exe.
    BUT: all the user account(s) created during Windows setup have administrative privileges.

PPS: NO, the user account control is NO security boundary!
     http://support.microsoft.com/kb/2526083

| Same-desktop Elevation in UAC is not a security boundary and can be hijacked
| by unprivileged software that runs on the same desktop. Same-desktop
| Elevation should be considered a convenience feature, and from a security
| perspective, Protected Administrator should be considered the equivalent
| of Administrator.
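The parsing rule quoted from MSDN in the post above, as an added example that is not part of the original post or of any Microsoft code: a portable C model of the whitespace-delimited prefixes that are tried before the intended executable when a command line is passed unquoted with a NULL lpApplicationName. The function name `shadow_candidates`, its parameters and the size limits are hypothetical, and the model covers only the prefix search order, not the real API.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CAND 16
#define MAX_PATH_LEN 260

/* Windows paths compare case-insensitively. */
static int path_equal(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* True when the last path component already carries an extension. */
static int has_extension(const char *path)
{
    const char *base = strrchr(path, '\\');
    base = base ? base + 1 : path;
    return strchr(base, '.') != NULL;
}

/*
 * Model of the unquoted-command-line search: every whitespace-delimited
 * prefix of cmdline is a candidate image name, shortest first, with ".exe"
 * appended when the prefix has no extension. Candidates that come before
 * `intended` are copied to out[].
 * Returns the number of shadowing candidates, 0 when cmdline is quoted
 * (or the first prefix is already the intended image), and -1 when the
 * intended path is never reached or a limit is exceeded.
 */
int shadow_candidates(const char *cmdline, const char *intended,
                      char out[][MAX_PATH_LEN], int max_out)
{
    size_t i, len = strlen(cmdline);
    int n = 0;

    if (cmdline[0] == '"')
        return 0;               /* quoted: the image name is unambiguous */

    for (i = 1; i <= len; i++) {
        char cand[MAX_PATH_LEN];
        char c = cmdline[i], prev = cmdline[i - 1];

        if (c != ' ' && c != '\t' && c != '\0')
            continue;           /* not at a token boundary */
        if (prev == ' ' || prev == '\t')
            continue;           /* run of whitespace: same prefix as before */
        if (i + sizeof ".exe" > sizeof cand)
            return -1;

        memcpy(cand, cmdline, i);
        cand[i] = '\0';
        if (path_equal(cand, intended))
            return n;
        if (!has_extension(cand))
            strcat(cand, ".exe");
        if (path_equal(cand, intended))
            return n;
        if (n == max_out)
            return -1;
        strcpy(out[n++], cand);
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: the command line quoted in the post above. */
    const char *cmd = "C:\\Program Files\\Windows Mail\\WinMail.Exe /identcatalog";
    const char *exe = "C:\\Program Files\\Windows Mail\\WinMail.Exe";
    char out[MAX_CAND][MAX_PATH_LEN];
    int i, n = shadow_candidates(cmd, exe, out, MAX_CAND);

    for (i = 0; i < n; i++)
        printf("tried before the intended image: %s\n", out[i]);
    return n < 0;
}
```

An audit would confirm that none of the returned paths exists and that the directories containing them are not writable by unprivileged accounts.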
[SECURITY] [DSA 2986-1] iceweasel security update
Debian Security Advisory DSA-2986-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 23, 2014                          http://www.debian.org/security/faq

Package        : iceweasel
CVE ID         : CVE-2014-1544 CVE-2014-1547 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 24.7.0esr-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 31.0-1.

We recommend that you upgrade your iceweasel packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[security bulletin] HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04379485

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04379485
Version: 1

HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-07-23
Last Updated: 2014-07-23

Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities.

References:

CVE-2010-5298 Remote Denial of Service
CVE-2014-0076 Unauthorized Disclosure of Information
CVE-2014-0195 Remote Unauthorized Access
CVE-2014-0198 Remote Denial of Service
CVE-2014-0221 Remote Denial of Service (DoS)
CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information
CVE-2014-3470 Remote Code Execution or Unauthorized Access
SSRT101648

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Systems Insight Manager v7.2, v7.2.1, v7.2.2, v7.3, v7.3.0a, and v7.3.1 are bundled with the following software products:

HP Smart Update Manager (SUM) 5.3.5 through 6.3.1
HP System Management Homepage (SMH) v7.2.3 and 7.3.2 for Linux and Windows
HP Version Control Agent (VCA) v7.3.2 for Windows
HP Version Control Agent (VCA) v7.3.2 for Linux
HP Version Control Repository Manager (VCRM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, and v7.3.1 for Windows

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference        Base Vector                     Base Score
  CVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)    4.0
  CVE-2014-0076    (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
  CVE-2014-0195    (AV:N/AC:M/Au:N/C:P/I:P/A:P)    6.8
  CVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
  CVE-2014-0221    (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
  CVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)    6.8
  CVE-2014-3470    (AV:N/AC:M/Au:N/C:N/I:N/A:P)    4.3
===
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve these vulnerabilities in HP Systems Insight Manager (SIM).

HP Systems Insight Manager v7.3 Hotfix kit
HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager v7.2 Hotfix kit is currently unavailable, but will be released at a later date.)

http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit.

Additional documentation for SIM can be found here:

http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/index.aspx?cat=insightmanagementsubcat=sim#.U2yioSi20tM

HP has addressed these vulnerabilities for the impacted software components bundled with HP Systems Insight Manager (SIM) in the following HP Security Bulletins:

HP SIM Component / HP Security Bulletin Location

HP Smart Update Manager (SUM)
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04349175

HP System Management Homepage (SMH)
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04345210

HP Version Control Agent (VCA) on Linux and Windows
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04349897

Version Control Repository Manager (VCRM) on Linux and Windows
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04349789

HISTORY
Version:1 (rev.1) - 23 July 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title
[slackware-security] httpd (SSA:2014-204-01)
[slackware-security] httpd (SSA:2014-204-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.10-i486-1_slack14.1.txz: Upgraded.
  This update fixes the following security issues:
  *) SECURITY: CVE-2014-0117 (cve.mitre.org)
     mod_proxy: Fix crash in Connection header handling which allowed a
     denial of service attack against a reverse proxy with a threaded MPM.
     [Ben Reser]
  *) SECURITY: CVE-2014-0118 (cve.mitre.org)
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to
     avoid denial of service via highly compressed bodies. See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
  *) SECURITY: CVE-2014-0226 (cve.mitre.org)
     Fix a race condition in scoreboard handling, which could lead to
     a heap buffer overflow. [Joe Orton, Eric Covener]
  *) SECURITY: CVE-2014-0231 (cve.mitre.org)
     mod_cgid: Fix a denial of service against CGI scripts that do
     not consume stdin that could lead to lingering HTTPD child processes
     filling up the scoreboard and eventually hanging the server. By
     default, the client I/O timeout (Timeout directive) now applies to
     communication with scripts. The CGIDScriptTimeout directive can be
     used to set a different timeout for communication with scripts.
     [Rainer Jung, Eric Covener, Yann Ylavic]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the Get Slack section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.27-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.27-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.27-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.27-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.27-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.27-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.10-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.10-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.10-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.10-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.10-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.10-x86_64-1.txz
[SECURITY] [DSA 2987-1] openjdk-7 security update
Debian Security Advisory DSA-2987-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 23, 2014                          http://www.debian.org/security/faq

Package        : openjdk-7
CVE ID         : CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216
                 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223
                 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263
                 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in version 7u65-2.5.1-2~deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 7u65-2.5.1-1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[slackware-security] mozilla-firefox (SSA:2014-204-02)
[slackware-security] mozilla-firefox (SSA:2014-204-02)

New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.7.0esr-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the Get Slack section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-firefox-24.7.0esr-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-firefox-24.7.0esr-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-31.0-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-31.0-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-firefox-24.7.0esr-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majord...@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass Exception Handling Vulnerability + PoC Video BNSEC-2398
Document Title:
===============
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass Exception Handling Vulnerability + PoC Video

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1102

Barracuda Networks Security ID (BNSEC): BNSEC-2398
https://www.barracuda.com/support/knowledgebase/50160013m1P

Video: http://www.vulnerability-lab.com/get_content.php?id=1210

Vulnerability Magazine: http://vulnerability-db.com/magazine/articles/2014/07/23/barracuda-networks-patched-bnsec-2398-bulletin-firewall-appliance-application

View Video: http://www.youtube.com/watch?v=-cTO7ork6Hg

Solution #6613 BNSEC-02398: Authenticated non-persistent validation vulnerability in Barracuda Firewall v6.1.2

Release Date:
=============
2014-07-23

Vulnerability Laboratory ID (VL-ID):
====================================
1102

Common Vulnerability Scoring System:
====================================
5.7

Product Service Introduction:
=============================
The Barracuda Firewall goes beyond traditional network firewalls and UTMs by providing powerful network security, granular layer 7 application controls, user awareness and secure VPN connectivity combined with cloud-based malware protection, content filtering and reporting. It alleviates the performance bottlenecks in Unified Threat Management (UTM) appliances through intelligent integration of on-premise and cloud-based technologies. While the powerful on-premises appliance is optimized for tasks like packet forwarding and routing, Intrusion Prevention (IPS), DNS/DHCP services and site-to-site connectivity; CPU intensive tasks like virus scanning, content filtering and usage reporting benefit from the scalable performance and elasticity of the cloud.

(Copy of the Vendor Homepage: https://www.barracuda.com/products/firewall )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Team discovered a filter bypass and a persistent vulnerability in Barracuda Networks Firewall Appliance v6.1.0.016 Application.

Vulnerability Disclosure Timeline:
==================================
2013-09-26: Researcher Notification Coordination (Benjamin Kunz Mejri)
2013-09-27: Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
2013-09-30: Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
2014-06-30: Vendor Fix/Patch (Barracuda Networks Developer Team) [Coordination: Dave Farrow]
2014-07-23: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Barracuda Networks
Product: Firewall Appliance Web-Application 6.1.0.016 - x100 x200 x300 x400 x500 x600 Vx

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details Description:
==============================
An input validation web vulnerability is detected in the official Barracuda Networks Firewall Appliance Web-Application. The vulnerability allows a remote attacker to inject their own malicious persistent script code (application side).

The vulnerability is located in the `VPN Certificates` module when processing requests via the POST to GET method with manipulated `cert_error` values through the exception handling of the secure appliance application. The script code execution occurs in the main header on top of the error message (exception handling). The issue has both a persistent and a non-persistent attack vector, because the values can be exploited on the client side through the referer of a regular service GET method request.

The second technique is to inject via a POST method request to provoke an error (exception) with specifically manipulated context. The attacker moves to the certificates area and uploads, even in the restricted mode, 2 pem certs; he tampers with the request and exchanges the upload path, but also supplies an invalid value for the name. The application responds via GET and shows an unknown error message in the exception handling of the module. The attacker is able to change the referer and include his own code in the affected parameters. The result is a client-side execution in the first exception message body context. The links in the main website then change to the error link with the referer on the application side. The attacker is now able to click the link or request the url to execute the code inside of the exception-handling contents `Error message` with persistent attack vector.

The security risk of the persistent and non-persistent input validation vulnerability and filter bypass is estimated as medium with a cvss (common vulnerability scoring system) count of 5.7.

Exploitation of the persistent web vulnerability requires low user interaction and a local low privileged (restricted) web-application account. Successful exploitation of the vulnerability
[slackware-security] mozilla-thunderbird (SSA:2014-204-03)
[slackware-security] mozilla-thunderbird (SSA:2014-204-03)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the Get Slack section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-thunderbird-24.7.0-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-31.0-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-31.0-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com